After a Cyber Security Awareness Training for company X, I thought about sharing the idea and even the script used to make it easier and available for everyone.

Before doing anything, you can check some Tor usage and user statistics for 05/2021:
- By Users
- By Country
- By Relays

How does TOR over VPN work?

Starting with docker
So, here we’ll use a docker image with Tor installed on it. We
Docker
For the Docker image I’m going to use Alpine instead of Debian because it is lightweight.
Configuring the image
Start with the Tor config file, torrc (/etc/tor/torrc):
VirtualAddrNetwork 0.0.0.0/10
AutomapHostsOnResolve 1
DNSPort 0.0.0.0:53530
SocksPort 0.0.0.0:9050
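You can change port 1962 to your own. Whatever port you pick, the SocksPort line and the container port you publish with docker run must be the same number.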

And now the Dockerfile:
FROM alpine:latest
RUN apk update && apk add tor
COPY torrc /etc/tor/torrc
RUN chown -R tor /etc/tor
USER tor
ENTRYPOINT ["tor"]
CMD ["-f", "/etc/tor/torrc"]

- The folder should contain the Dockerfile and the torrc file.

Now let’s build the image:
$ docker build -t sofiane/tor .

Check the image:
$ docker image ls | grep sofiane/tor

Using the proxy
Start by running the docker image:
$ docker run --rm --detach --name tor --publish 1962:1962 sofiane/tor
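
A preflight check for the torrc and docker run command above, as an added example that is not part of the original post or the author's scripts: it lists the ports Tor listens on and compares them with the --publish value you intend to use. The function names and finding labels are hypothetical, the sample torrc is the one shown above, and only IPv4 listeners are handled.

```sh
# Added example (not the author's script): check a torrc against a docker --publish spec.
# Constructed sample: the torrc lines shown on this page (IPv4 only is an assumption).
SAMPLE_TORRC='VirtualAddrNetwork 0.0.0.0/10
AutomapHostsOnResolve 1
DNSPort 0.0.0.0:53530
SocksPort 0.0.0.0:9050'

# Print "<option> <address> <port>" for each Tor listener in a torrc text.
tor_listeners() {
    printf '%s\n' "$1" | awk '
        tolower($1) ~ /^(socksport|dnsport|transport)$/ && $2 != "0" {
            n = split($2, a, ":"); port = a[n]
            addr = (n == 1) ? "127.0.0.1" : substr($2, 1, length($2) - length(port) - 1)  # bare port: localhost only
            print $1, addr, port
        }'
}

# Container port of a publish spec: [ip:]host_port:container_port[/proto].
publish_container_port() { s=${1%/*}; printf '%s\n' "${s##*:}"; }

# Host address of a publish spec; without an ip Docker binds every interface.
publish_host_addr() {
    s=${1%/*}
    case $s in
        *:*:*) printf '%s\n' "${s%%:*}" ;;
        *)     printf '%s\n' "0.0.0.0" ;;
    esac
}

# preflight <torrc text> <container|host> [publish spec]
# Prints one finding per line, returns 1 on any finding. "host" mode (a VPS) also flags wildcard listeners.
preflight() {
    findings=$(
        tor_listeners "$1" | while read -r opt addr port; do
            if [ "$2" = host ] && [ "$addr" = 0.0.0.0 ]; then
                echo "WILDCARD $opt listens on $addr:$port"
            fi
        done
        if [ -n "${3:-}" ]; then
            cport=$(publish_container_port "$3")
            tor_listeners "$1" | awk -v p="$cport" '$3 == p {f = 1} END {exit !f}' ||
                echo "MISMATCH published container port $cport has no Tor listener"
            if [ "$(publish_host_addr "$3")" = 0.0.0.0 ]; then
                echo "WILDCARD published port is open on every host interface"
            fi
        fi
    )
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}
```

With the values on this page, `preflight "$(cat torrc)" container 1962:1962` reports a MISMATCH, because the torrc shown has no listener on port 1962.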

Now let’s test it out!
- Without Proxy : My Real IP

- With Proxy : a Tor exit

You can check with the Tor website too. With --socks5-hostname the hostname is resolved through the proxy, so the DNS lookup also goes over Tor:
$ curl -s --socks5-hostname localhost:9050 https://check.torproject.org/ | grep -m 1 Congratulations | xargs

Configuring the VPN
We won’t run the VPN in Docker, because we would first need to create the tun device in the container, which is bad for security.
So, to set this up as a VPN, we’ll use a Linux VPS (Debian).
For the VPN, you will always use the same Tor config file!
But you’ll need to make some changes to the iptables rules.
These rules make the proxying transparent, which is called Transparent Routing Traffic Through Tor.
Check the Tor website, which explains this in detail: TransparentProxy
First of all, add these 3 environment variables:

And the iptables rules:

Don’t forget that you need openvpn, iptables and tor installed on your machine.
The final step is to create your own OpenVPN profile. To do that, I suggest this small script that I love and use often:

$ curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
$ chmod +x openvpn-install.sh
and run it using
$ ./openvpn-install.sh
and for setting the rules, we will use this script :

Okay, now let’s do this together!
- 1 - Connect to the VPS (don’t forget to allow traffic on the used ports)
- 2 - Install all the needed packages

- 3 - Change the torrc file
$ curl -L https://raw.githubusercontent.com/SofianeHamlaoui/Tor-scripts/main/torrc > torrc && sudo mv torrc /etc/tor/torrc

- 4 - Use the openvpn script and save the .ovpn file

- 5 - Enable the OpenVPN & Tor services

- 6 - Add the rules
$ curl -O https://raw.githubusercontent.com/SofianeHamlaoui/Tor-scripts/main/vpn.sh && chmod +x vpn.sh
$ sudo ./vpn.sh

Congrats! Now you can surf the net using a VPN through a TOR connection.
